Even if you get past the roadblocks Apple has put in place, it’s not beer and skittles for browser makers in the EU.
The CRA, which is now in effect, lists browsers as class I important products. Technical documentation, design documentation, user documentation, security conformance testing, a declared support period at the time of download, software bill of materials, the legal obligation to respond to and make all your internal documents available to market surveillance organizations, etc.
And if the EU doesn’t publish harmonized development standards by 2027, you will be required to pay a 3rd party to come in and analyze you, your design, and the security of your browser, and make a report to send to the market surveillance organization, who gets to decide if you have the requisite conformance.
Are you sure that anyone but the big boys want to make a browser in the EU?
Here is the law, please point out where I am wrong. Much appreciated :)
We are not generally used to this in our field but just think about the amount of paperwork you have to go through in order to construct a bridge or an airplane. Browsers have become a critical component and it seem not really unexpected that there will eventually be legal requirements to help to ensure that browsers are safe given the amount of software that runs on top of browsers. And this is also not new, there have been legal requirements for all kinds of software for a long time, you will just not think about those unless you work in an affected area.
Are you seriously suggesting that becoming more regulated like bridge/building builders is GOOD for software?
You sure you are ready to freeze all innovation forever? Cause there is a well documented inverse relationship between regulation and innovation. (Small teams cannot afford compliance officers and other such dross. Big ones do move fast, and, without competition from the smells, do not need to)
For software used by regular people who do not know anything about software and shouldn't have to, used to manage their banking, do their taxes and other things that they need to be able to do online these days? Yes.
>For software used by regular people who do not know anything about software and shouldn't have to... Yes (aka kill the makers with regulations)"
That doesn't make sense. Even the big browser makers have beta-versions clearly marked as experimental. If someone is so dumb that they don't understand simple warnings and disclaimers, that's their problem and nobody else's.
"Don't use if dumb" is the only warning that regulators need to require. The regulator should pay to the maker for all other compliance measures, otherwise regulations become only a source of oppressive power and picking winners and losers. "Only" because they do not increase software security in any meaningful way.
Personally I consider Chrome to be one of the least-safe browsers available, because it sends my data to Google. Also it perpetuates a monoculture. However, others may define "safe" differently, excluding such considerations.
Watch them not enforce this at all whenever they need something from the US, like how they delayed (and afaik still do) heavy Google/Meta/Apple fines for DMA. Laws don't matter, only enforcement. See TikTok ban.
This is the biggeest issue that techies on HN don't understand.
These tech giants are essentially extensions of the United State's government now and fining them or imposing restrictions isn't as simple as fining any corporation due to the geopolitics at play.
The long term solution is for EU to decouple its reliance on American technology. Anything else is a bandaid IMO.
The problem is not the technical reliance, EU is relying on the US, full stop. This isn't a question of making a new EU cloud hosting provider (already hard). This turn of events was completely unexpected and decades of strategizing crumbled.
Hear me out, I have a tinfoil hat theory. What if, those requirements weren't put to help small shops making a new browser, but to guarantee the big shops who already have a browser are getting fined? *hits bong*
And this is why the EU's GDP versus the US is now only 65% and shrinking. The regulations are about beating US companies into compliance, sometimes with righteous motives; but there's no forethought on how a domestic EU startup might be able to comply, or how a startup would convince investors to take the gamble.
Yeah, because EU software companies were totally destroying the American software industry before the last decade…
The EU’s relatively shrinking GDP has much more to do with their populations growing older and their population size stabilizing, and the relatively tiny amount of migration, than EU digital laws, most of which have been replicated throughout the world.
Additionally, the EU has always had weak financial markets, and the only strong financial center, the city of London, quit the EU and both the EU and the city of London have suffered because of that, with a whole bunch of LSE listed companies moving to New York (including possibly Shell, which would be devastating for London as a financial center).
>The EU’s relatively shrinking GDP has much more to do with their populations growing older
I'm not buying this argument. Same how the US's economy isn't stronger because Americans have more kids because we're not talking about agrarian civilizations here where every pair of hands on the farm ads proportional labor output. In service based economies, a smart person with a wealthy VC behind him can generate the GDP growth of tens of thousands of traditional labor jobs so population growth isn't the bottleneck.
EU economy is weak not because of lack of more kids, but because they have not captured any high growth industries (specifically tech) to generate better jobs and new wealth for future generations of youth. Europe is all old wealth and in the hands of old people. Once the economy becomes a fixed pie with no growth, population growth follows suit. EU economy is weak because after 2008 they went the route of austerity while the US printed it's way out dumping cheap money on fueling economic growth.
If Europeans would hypothetically start having way more kids tomorrow, those kids would end up being even poorer having to share the same fixed pie of limited economic resources. Another argument why more kids != wealthier for Europeans, is a news I read today of another local university graduate who moved his start-up to the US, so what's the point in making more kids if they have no funds to increase the GPD here and they leave? More kids with no comparable growth in money = those kids competing with India or Bangladesh.
Labor is absolutely the bottleneck. You can come up with as many billion dollar ideas as you like, but without people to pay for them, where does the income come from? Economies grown because money flows, it gets invested, and that investment creates income, which goes to the workers and owners, and gets spent again. With fewer people, it doesn't matter how rich some of them get, the entire economy will slow down, because there is nowhere to productively spend that money in that economy -- it flows out.
Question: Europe has had an open door migration policy since at least 2015 and taken millions of migrants, especially Italy and Greece. Why haven't all those migrants turned EU's or Italy or Greece's economies into a powerhouse and built US big-tech competitors here? Same question for Canada. When is that magic economic growth from population growth coming?
Answer: Because US invests more money in high growth sectors than EU and Canada combined, and because people aren't fungible cogs in a machine, that you can swap in and out and get the same economic output it's agrarian labor. Attracting the handful of the smartest people in the world with money and resources like the US did, is more important and ads more value to their economy than attracting millions of desperate unskilled laborers like EU and Canada did.
>but without people to pay for them
Yes, people to pay for them, as in billionaire VCs pay for them, not millions of poor uneducated people, those can't even pay their rent without government support let alone boost economy. They aren't gonna boost anything except Amazon fulfillment center and Door dash delivery rates.
So NO, I don't agree with you at all. EU has enough local skilled college educated people since university is free here, but it has no VC money to amplify their labor into economic output as proven how many EU's top minds choose to work for US companies. Adding even more random people to a stagnating economy just means lower wages and bargaining power with higher rents, not more wealth growth per capita. Your comment does not disprove any of this.
I was responding to a specific aspect regarding population and labor, I am not an expert on Europe. I would like to say, though, that starting with a conclusion and working backwards from it is a really terrible way to proceed with a hypothesis.
>I was responding to a specific aspect regarding population and labor
Like which example are you referring to? Be specific. Because you haven't provided any reproducible arguments or specific facts to support your opinion, and I gave you a real life example that disproves your hypothetical one.
>I am not an expert on Europe
You don't need to be one to argue on this, if you have other arguments that can be substantiated with proof or facts to disprove mine.
>I would like to say, though, that starting with a conclusion and working backwards from it is a really terrible way to proceed with a hypothesis.
I'm not starting from the conclusion, I just picked the best real life example at my disposal that contradicts your point and chose to narrate it from that end, but it doesn't change the start condition or the outcome, it's still the same no mater from which way you look at it.
> Like which example are you referring to? Be specific. Because you haven't provided any reproducible arguments or specific facts to support your opinion, and I gave you a real life example that disproves your hypothetical one.
Your first paragraph, specifically.
> Same how the US's economy isn't stronger because Americans have more kids because we're not talking about agrarian civilizations here where every pair of hands on the farm ads proportional labor output. In service based economies, a smart person with a wealthy VC behind him can generate the GDP growth of tens of thousands of traditional labor jobs so population growth isn't the bottleneck.
> You don't need to be one to argue on this, if you have other arguments that can be substantiated with proof or facts to disprove mine.
I am not arguing with you about anything, I am stating why population is an important factor in economic growth. Are you disputing that this is the case?
> I'm not starting from the conclusion
You are starting from 'the US economy is better than Europe's because Europe is stifling high tech growth' and working backwards from there. It is incredibly obvious that is what you are doing.
And that will continue, since it’s a reinforcing effect: Just like successful American startups tend to be bought by the big corps, the same happens here. There’s just no behemoth regionally to swallow them.
That's not necessarily true; as the EU had many major players, especially historically: SUSE, Ericsson, Nokia, SAP; all were or are being shredded by US competition despite a domestically entrenched position. Even in 2008, when both economies did badly, the EU and the US had nearly identical GDP figures.
The EU might point to ASML as a point of pride; but that assumes an ASML competitor wouldn't get tens of billions to compete the moment ASML is inconvenient.
ASML (plus Airbus, SAP and Spotify) can't feed 300 million EU workers. Europe needs more than just a point of pride on the entire continent to be an economic powerhouse. Like we say in my country: "a single bloomed flower does not make spring".
It's a fake news that just don't take into account on currency value change (euro has lost some value between 2019 and 2024). But if you look really want to look at it this way, I have a bad news for new: USA has shrink 15% since January compared to Europe as EUR go from 1$ to 1.15$.
If we look at GDP at purchasing power parity from 2007 to 2023 we have this:
In other words, it's already been adjusted for exchange rates. If you adjust for today's USD/EUR exchange rate, you're double-adjusting it. The US dollar has dropped in the recent months, and much of that is arguably due to bad decision making by the current administration, but it hardly refutes the claim that US growth has outpaced EU growth for the few decades.
Actually, that's because the USA has the world reserve currency as a result of the former Bretton Woods system, itself a result of World War 2. This allows it to command a large exchange rate premium without having to actually work for it. This is the reason the USA has a larger GDP per capita than every other country except for a bunch of tax havens (which have artificially inflated total GDP).
We can look at China that is focused on growth at all costs. If you look at rare earth metals, they're equally distributed but they are toxic to extract. The west has pretty much stopped extracting. China is still going full steam ahead.
https://e360.yale.edu/features/china-wrestles-with-the-toxic...
China would bulldoze my hometown in 2 seconds if it meant an addition 0.1 GDP. I would say that the US is between Europe and China for balancing GDP vs protecting its citizens.
>We can look at China that is focused on growth at all costs.
It's easy to look down on others from an ivory tower in the wealthy developed west, but consider that China was dirt poor a few decades ago. What else would you have chosen? Die of poverty while protecting the environment? Same with India. They did what they had to in order to survive.
The west did that too in the industrial revolution. China had to speed run decades of industrial evolution in years. So why gaslight other countries for doing the same thing your country did a few decades earlier?
The good news for them is China recently stopped extracting rare earths on the cheap for the west. Their cities, air, water are waaay cleaner than they were just a decade ago. Chinese cities are actually livable now.
That's why the west is scrambling to find alternative sources on the cheap in other places that will let their environment be trashed, like Ukraine and Africa, since China doesn't want to be the west's easily exploitable environmental pay-piggy anymore, and good for them.
The bad news for the planet is that environmental destruction is not stopping, it's just moving away from China to other poorer places with weaker economies and militaries who are more malleable to western pressure and corporate demands.
>China would bulldoze my hometown in 2 seconds if it meant an addition 0.1 GDP.
Your western nation most likely did the same from the industrial revolution till WW2.
I'm not looking down at China. I use using it as an example of there's a trade off between environmental and growth. I don't believe I offered a value statement. Yes the USA is famous for breaking treaties with the Native Americans whenever they found resources on the Native American's reservations. The USA seized private property to give to a pharmaceutical company.[0]
Do you believe there can be trades off between consumer, environmental protections, and GDP? I do.
Everything has tradeoffs. You can protect children extremely well, if you mandate that every household have a live-in social worker, subsidized by the government with a 30% caretaker tax on top of standard income tax. If a government were to pass such legislation, do you hate children and love money that much to want to repeal it?
At some point, protections are not feasible - and the EU's "consumer and environmental" protections are apparently unfeasibly expensive in their current form to have a competitive economy. This is also self-defeating, as only in the context of a competitive economy, would these protections have any merit or be enforceable. Beggars can't be choosers.
But I disagree with your sentiment that the EU is going too far. Look at how healthy and happy the US is and how happy and healthy we are. The market, corporations and the economy are there to serve us, not to dominate us. Their existence is a means to an end, not an end in itself. Consumer and environmental protection are not a luxury, it's essential.
And surely, tariffs and trade wars have nothing to do with anything, right? It's just this damn overregulation and nothing else!!111
Someone will need to establish an entity to bring a distributable version of that browser to an app store, and in doing so, taking on the compliance liability.
As usual this is a panicked overreaction. No, startups won't be fined out of existence by the iron fist of regulators who despise innovation.
> (93) In relation to microenterprises and small enterprises, in order to ensure proportionality, it is appropriate to alleviate administrative costs without affecting the level of cybersecurity protection [...] It is therefore appropriate for the Commission to establish a simplified technical documentation form targeted at the needs of microenterprises and small enterprises. [...] In doing so, the form would contribute to alleviating the administrative compliance burden by providing the enterprises concerned with legal certainty about the extent and detail of information to be provided. [...]
> (96) In order to ensure proportionality, conformity assessment bodies, when setting the fees for conformity assessment procedures, should take into account the specific interests and needs of microenterprises and small and medium-sized enterprises, including start-ups. In particular, conformity assessment bodies should apply the relevant examination procedure and tests provided for in this Regulation only where appropriate and following a risk-based approach
> (97) The objectives of regulatory sandboxes should be to foster innovation and competitiveness for businesses by establishing controlled testing environments before the placing on the market of products with digital elements. Regulatory sandboxes should contribute to improve legal certainty for all actors that fall within the scope of this Regulation and facilitate and accelerate access to the Union market for products with digital elements, in particular when provided by microenterprises and small enterprises, including start-ups.
> (118) [...] specify the simplified documentation form targeted at the needs of microenterprises and small enterprises, and decide on corrective or restrictive measures at Union level in exceptional circumstances which justify an immediate intervention [...]
> (120) [...] When deciding on the amount of the administrative fine in each individual case, all relevant circumstances of the specific situation should be taken into account [...], including whether the manufacturer is a microenterprise or a small or medium-sized enterprise, including a start-up [...]. Given that administrative fines do not apply to microenterprises or small enterprises for a failure to meet the 24-hour deadline for the early warning notification of actively exploited vulnerabilities or severe incidents having an impact on the security of the product with digital elements, nor to open-source software stewards for any infringement of this Regulation, and subject to the principle that penalties should be effective, proportionate and dissuasive, Member States should not impose other kinds of penalties with pecuniary character on those entities.
First, I believe that you are correct in that small enterprises are not going to be fined out of existence (unless they continually fail to adhere to CRA requirements). The issue is that if you want to make a browser in the EU, you have to be extremely serious about it.
Second, you are quoting from the section of the act that the EU uses to lay out their reasoning, justification, and thought process. This section is not legally binding. The actual text (page ~28 and beyond in the linked document) is what controls. We have seen from DMA enforcement in regard to Apple that the EC does not consider conflicts between the two sections to be important.
> The issue is that if you want to make a browser in the EU, you have to be extremely serious about it.
The current browser vendors have made the web so complex that this is already the case regardless of what laws do or do not impose. It's simply too large a project to implement one for any non-serious project to succeed (as evidenced by the fact that we haven't got a new browser since... Chrome. Microsoft edge sort of I guess but that project was abandoned and they moved to chrome).
True, but legal complexity and technical complexity are two very different things. I can pretty much guarantee from experience that small businesses prefer technical complexity every day of the week.
> if you want to make a browser in the EU, you have to be extremely serious about it.
Why is this a problem?
No, really; why is it a bad thing that if you want to create a complete new browser, you have to actually be serious and committed to it?
A web browser is a pretty significant piece of software, and it sits between you and the entire web. You do your banking through it. You access your email through it. You book flights through it.
If the browser is badly constructed or malicious, any of these very vital functions can fail in unpredictable ways, be compromised by unknown third parties, or even be deliberately intercepted by the browser itself.
Here in the US, and especially for tech people like us, we're used to thinking of software as a complete free-for-all: anyone can make anything they want, and anyone must be allowed to make anything they want! That's what Freedom means!
But that kind of freedom can have pretty serious consequences if it's treated without respect or abused. Frankly, I'm glad to see the EU starting to put some genuine safeguards in place for the people who have to use the software we make, to ensure that we can't just foist off crap on them and when they get their identity stolen because of our negligence, just say "lol too bad, Not Guaranteed Fit For Any Purpose, deal with it".
Yes, I don't want to say that this is a problem (or not a problem).
The original article has a quote from Apple saying that they don't know why nobody has submitted any new browser for them to approve and then goes on to list a bunch of reasons for why this is the case. All of which center on Apple being obstinate. If Apple was suddenly a nice friendly corporation, would the browser landscape in the EU change much?
The CRA has been law for less than 9 months. I don't think that the general software developer community has awaken to what it is going to involve when full enforcement begins in 2027. I believe that at least some of the people that had originally planned to create new browsers in the EU have reconsidered now that they know what their obligations in 1.5 years will be. And that is probably a good thing (but not Apple's fault).
> If Apple was suddenly a nice friendly corporation, would the browser landscape in the EU change much?
Not immediately. Because there are literally no browser vendors beyond the existing three. Everyone else is just söapping on different coats pf paint on Chromium.
It’s possible to have software, including browsers, that are not subject to the CRA.
F-droid is essentially a Netherlands-based non-profit that will follow EU law when they have to. Some, but not all, of the software they currently host will be subject to the CRA, and if F-droid wishes to continue hosting it they’ll be a distributor under the CRA and be subject to obligations that they currently do not have.
The situation today is not the situation next year, and especially not 2 years from now.
The CRA, which is now in effect, lists browsers as class I important products. Technical documentation, design documentation, user documentation, security conformance testing, a declared support period at the time of download, software bill of materials, the legal obligation to respond to and make all your internal documents available to market surveillance organizations, etc.
And if the EU doesn’t publish harmonized development standards by 2027, you will be required to pay a 3rd party to come in and analyze you, your design, and the security of your browser, and make a report to send to the market surveillance organization, who gets to decide if you have the requisite conformance.
Are you sure that anyone but the big boys want to make a browser in the EU?
Here is the law, please point out where I am wrong. Much appreciated :)
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L...